Why psychosocial risk and CHRO duty of care now belong on the audit agenda, and how senior HR leaders can turn wellbeing data into real governance and risk decisions.

Reframing psychosocial risk as a board level duty of care

Psychosocial risk and the CHRO duty of care have moved from wellness rhetoric to hard governance. For any serious employer, health and safety at work now sit alongside financial risk on the audit committee agenda, because regulators explicitly treat psychosocial hazards as part of occupational health and safety law. If you are a chief human resources officer, your role in managing psychosocial risks is no longer optional or soft; it is a core element of enterprise risk management.

Across the European Union, the Framework Directive 89/391 created a general obligation for employers to protect workers’ health and safety, and regulators have since clarified that this extends to mental health, work stress and broader psychological health. France, Belgium, Spain and Germany now require employer-led psychosocial risk assessment processes, which means that hazards in the workplace such as chronic workload, low autonomy, bullying or poor management are treated as workplace hazards, not just culture topics. The US Occupational Safety and Health Administration increasingly uses the general duty clause in work stress cases, signalling that psychosocial hazards can trigger enforcement where employers fail to do what is reasonably practicable to protect workers.

For CHROs, this shift means psychosocial risk and CHRO duty of care must be framed as a strategic risk, not a wellness benefit. Audit committees expect a coherent management system for health and safety, with clear accountabilities, metrics and a credible report on both physical and psychosocial risks. The work environment, psychological safety and mental health outcomes now influence investor perceptions of management quality, because poor mental health indicators correlate with higher absenteeism, lower productivity and higher incident rates.

From HR dashboard to audit committee: upgrading the risk narrative

Most HR dashboards still treat mental health and psychosocial risk as engagement survey sub scores, which underestimates their governance significance. A board level narrative requires the CHRO to translate diffuse people data into a structured risk assessment that aligns with how safety executive teams and audit chairs think about hazards, controls and residual risks. The World Day for Safety and Health at Work offers a timely pretext to reset this narrative before your organization publishes another generic wellness post.

Start by mapping psychosocial hazards to the same categories used for physical health and safety, such as exposure, likelihood and severity, and then add leading indicators like workload volatility, manager span of control and incident reports of bullying or harassment. ISO 45003, the international standard for psychological health and safety at work, provides a practical framework for managing psychosocial risks within an integrated management system, and many multinational employers now align their occupational health programs with it. When you present to the audit committee, position psychosocial risk as a cross-cutting factor that amplifies other risks, for example cyber incidents driven by fatigued workers, quality failures linked to work stress, or compliance breaches in units with persistent poor mental health scores.

To make this credible, CHROs must partner with internal audit, legal and the health organization or occupational health provider to validate data quality and thresholds. The aim is to move from anecdotal stories about stressed people to quantified, scenario based analysis that shows where the work environment and management practices create unacceptable psychosocial risks. That is how psychosocial risk and CHRO duty of care become part of formal risk registers, not just themes in leadership offsites.

Manager enablement and the gap between policy and daily practice

Policies on psychological safety and mental health are meaningless if line leaders lack the skills and incentives to change daily work. The most sophisticated psychosocial risk management system will fail if managers still reward long hours, tolerate microaggressions or ignore early signs of work stress in their teams. CHROs must treat manager capability as a primary control for psychosocial hazards, not a secondary learning and development topic.

Practical enablement starts with clarifying that every manager is an agent of the employer’s duty of care for health and safety at work, which includes managing psychosocial risks alongside physical hazards. Training should focus less on generic resilience tips and more on concrete behaviours, such as how to design roles to reduce unnecessary risks, how to conduct a local risk assessment of psychosocial hazards in the workplace, and how to escalate issues through the safety executive or health and safety committee. When managers understand that their decisions on workload, scheduling and feedback directly influence psychological health and poor mental health outcomes, they are more likely to treat psychosocial risk as a core part of their leadership role.

In performance management, CHROs should add explicit expectations and metrics related to psychological safety, incident reporting and team mental health indicators. Leaders who consistently generate high work stress, high turnover and frequent complaints should face consequences, just as they would for repeated safety breaches or financial control failures. Over time, this alignment between policy, management behaviour and accountability turns psychosocial risk and CHRO duty of care into a lived standard, not a seasonal communication around the World Day for Safety and Health at Work.

Measuring what matters without wellness theatre

Measurement is where many organizations slide into wellness theatre, with glossy campaigns that mask weak controls on psychosocial risk. To avoid this, CHROs need a disciplined measurement architecture that links psychosocial risks to business outcomes and regulatory expectations, rather than to vanity scores. The goal is to generate a concise, decision ready report that audit committees, CEOs and international investors can use to judge whether the employer is doing what is reasonably practicable to protect workers’ health and safety.

Build a layered measurement model that combines lagging indicators such as sickness absence, occupational health referrals and mental health claims with leading indicators like workload patterns, overtime spikes, exit interview themes and workplace hazard observations. Integrate data from employee surveys, but treat them as one input among many, and add qualitative insights from focus groups or safety walks to understand specific psychosocial hazards in the work environment. Where possible, align your taxonomy with ISO 45003 and national guidance from bodies such as the UK Health and Safety Executive or the US Occupational Safety and Health Administration, so that your management system and risk assessment language match external expectations.

Finally, present psychosocial risk and CHRO duty of care metrics in the same disciplined format used for other enterprise risks, with clear owners, control effectiveness ratings and remediation plans. This framing signals to people leaders and the wider organization that mental health, psychological safety and psychosocial risks are treated as strategic, not symbolic. In the end, what shifts board behaviour is not engagement surveys, but boardroom credibility.

Key statistics on psychosocial risk and duty of care

  • EU occupational safety and health law, through the Framework Directive 89/391, requires employers to assess and manage risks to workers’ health and safety, which regulators interpret to include psychosocial risks such as work related stress and harassment.
  • Several European countries, including France, Belgium, Spain and Germany, have made psychosocial risk assessment a specific legal obligation for employers, embedding psychosocial hazards into formal risk assessment processes.
  • In the United States, the Occupational Safety and Health Administration increasingly applies the general duty clause to cases involving excessive work stress and poor mental health outcomes, treating them as workplace safety issues.
  • ISO 45003, the international standard for psychological health and safety at work, is being adopted by a growing number of multinational organizations as part of their integrated health and safety management systems.

Frequently asked questions about psychosocial risk and CHRO duty of care

Why should psychosocial risk sit on the audit committee agenda rather than only on HR dashboards?

Psychosocial risk now carries clear legal, financial and reputational implications, which places it firmly within the remit of audit and risk committees. When regulators treat mental health, work stress and psychosocial hazards as part of occupational health and safety law, boards must oversee whether the employer is doing what is reasonably practicable to manage these risks. Keeping psychosocial risk only on HR dashboards underestimates its potential impact on compliance, productivity and long term enterprise value.

How can CHROs translate wellbeing data into board level risk disclosures?

CHROs should reframe wellbeing data as evidence of control effectiveness within a broader risk management system, not as isolated engagement metrics. This means aggregating indicators such as absence, turnover, incident reports and survey results into a structured risk assessment that identifies key psychosocial hazards, affected populations and current mitigation measures. The resulting narrative should link psychosocial risks to business outcomes and regulatory expectations, enabling the board to understand exposure and approve targeted investments.

What does a mature psychosocial duty of care framework look like in practice?

A mature framework integrates psychosocial risk into the same governance architecture used for physical health and safety, with clear policies, roles, controls and assurance mechanisms. It includes systematic psychosocial risk assessments, manager training, accessible occupational health and mental health support, and regular reporting to the executive team and the board. Crucially, it also enforces accountability by tying leadership evaluations and incentives to psychological safety, incident trends and remediation progress.

How can organizations measure psychosocial risk without turning engagement surveys into wellness theatre?

Organizations should treat engagement surveys as one data source among many, not the sole indicator of psychosocial risk. A robust measurement approach combines quantitative data such as absence, overtime, claims and complaints with qualitative insights from focus groups, safety walks and occupational health consultations. By triangulating these sources within a formal risk assessment, leaders can identify specific hazards and track the impact of interventions without relying on superficial sentiment scores.

What is the role of line managers in managing psychosocial risks day to day?

Line managers are the primary control point for psychosocial hazards because they shape workload, feedback, autonomy and team norms. Their responsibilities include identifying early signs of work stress, adjusting work design where possible, fostering psychological safety and escalating serious concerns through formal channels. CHROs must equip managers with practical tools, clear expectations and aligned incentives so that psychosocial risk management becomes part of everyday leadership, not an annual training module.
